Ransomware Terrorism: Should We Be Worried?

By Marcus Chung, CEO, BoldCloud.

Marcus J. Chung
Marcus J. Chung

The threat of ransomware being used as a highly effective form of cyber terrorism has been receiving a lot of media attention lately. The story line stems from a recent Lloyds of London report that boldly states a large-scale ransomware attack could cost the global economy $193 billion and impact more than 600,000 businesses worldwide.

The report further speculates that if coordinated and executed properly, a global attack like WannaCry could cause even more severe damage and cost companies significantly more when you factor in all the business disruption and recovery related costs that would follow in the wake of a wide-scale attack.

With doomsday projections like these, it’s easy for people to become numb to the associated cyber security risks. Yet security professionals must always remain objective when assessing the scope of a threat versus the cost of implementing security measures to arrive at a risk-based recommendation.

What is ransomware terrorism?

Terrorism is broadly defined as the use or threat of violence that aims to spread fear in a population, and to advance a political, ideological or religious cause. Ransomware can be used in this context to disrupt the life of individuals and organizations, which depend on the smooth functioning of information technology to maintain operations.

While historically, the main goal of ransomware has been to extract, or extort, money or other valuable consideration from the affected party. NotPetya made us aware that there is a lot more damage an attacker could do with access to an army of computers spread across the globe than just turning them into bricks.

To prevent or avoid the consequences of an attack of terrorism, the defenders must effectively repel every single attempt to perpetrate the crime. Ultimately, the attackers only need to overcome the defenses once in any given situation to prevail.

Exploring the potential impacts of ransomware terrorism

In the proposed scenarios created by the Cyber Risk Management (CyRiM) project and Cambridge Centre for Risk Studies (CCRS), put forth in the report called, “Bashe Attack: Global infection by contagious malware,” a ransomware terrorist attack could be launched through an infected email, which once opened would be forwarded to all stored contacts.

Then within 24 hours, the malware could encrypt all data on 30 million devices worldwide. In the worst case scenario of the event, even the backups would be erased—meaning companies of all sizes would be forced to pay a ransom to decrypt their data or replace their infected devices.

It is easy to conceive that a ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, inaccessible data files, IT clean-up costs, ransom payments and supply chain disruption.

The moral of the story according to Lloyds is that all businesses should pay close attention to systemic risk across all lines of business, not just within the silo of cyber and businesses should buy insurance to help protect against such catastrophic scenarios.

Clearly as companies increase their reliance on technology, the need to defend against cyber security challenges like malware becomes ever more critical to meeting the goals of the business. While cyber insurance has its place in a well-executed cyber security strategy, it doesn’t protect a business or the economy from the operational nightmare caused by a massive ransomware attack.

At BoldCloud, we have typically worked with companies after they’ve been hit by a one-off ransomware attack. When the city of Atlanta was hit by ransomware, it provided a very public view into the aftermath of an attack. It basically brought all cyber related city activities to a complete standstill. More recently, Norsk Hydro was a victim of the LockerGoga ransomware and estimates their current costs at $40 million with a projection of months before being able to resume normal operations. I can only imagine the nightmare that would ensue if 600,000 businesses were hit within 24 hours. Needless to say, we’d be very busy helping clients with their data security needs.

Are we defenseless against ransomware terrorism?

Hackers are becoming extremely resourceful and have found ways to circumvent even the most advanced antivirus and anti-ransomware solutions. These solutions cannot protect against fully undetectable (FUD) and targeted threats that were conceived by cyber criminals to directly evade existing security layers and harm data.

Easy-to-use “ransomware-as-a-service” can be purchased cheaply on the darknet. Some vendors even offer customer support for buyers of their malware. And would-be terrorists who want customized ransomware can hire black-hat coders for its development.

While defending against ransomware may seem daunting, business leaders and system owners, whether they be physical or cyber-based, must prepare for and take defensive actions to prevent one-off as well as large scale attacks. While there is no silver bullet ransomware solution, the following are some of the most important actions your organization should take:

Conclusion

With an unprecedented number of ransomware and targeted attacks being reported and insights into the large-scale damage that could result from more coordinated global attacks, it seems every business has an obligation to put adequate measures in place to make themselves a less likely target. Attackers will always exploit weaker and more vulnerable targets. While no one can stop terrorists from using ransomware as their weapon of choice, you can, and should, advocate to make sure your business is at least a less likely victim.


Write a Comment

Your email address will not be published. Required fields are marked *